AI-Powered Infrastructure & Compliance Platform for Azure Government
Built on .NET 9.0, and Model Context Protocol (MCP). Uses the Microsoft Agent Framework architecture pattern with 8+ specialized AI agents for infrastructure, compliance, cost management, and more.
# Clone and build
git clone https://github.com/POps-Rox/platform-engineering-copilot.git
cd platform-engineering-copilot
dotnet build
# Azure authentication
az cloud set --name AzureUSGovernment # or AzureCloud
az login
export AZURE_TENANT_ID=$(az account show --query tenantId -o tsv)
# Configure
cp .env.example .env
# Edit .env with Azure OpenAI and subscription details
# Run MCP server only (Docker)
docker-compose -f docker-compose.mcp.yml up -d
curl http://localhost:5100/health
# Run MCP + Chat UI
docker-compose -f docker-compose.mcp-chat.yml up -d
open http://localhost:5001
# Run full platform (MCP + Chat + Admin)
docker-compose -f docker-compose.mcp-chat-admin.yml up -d
open http://localhost:5000 # Admin ClientThe platform uses Microsoft Agent Framework with PlatformAgentGroupChat for multi-agent orchestration.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β MCP SERVER (:5100) β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β PlatformAgentGroupChat ββ
β β ββ PlatformSelectionStrategy (intent-based routing) ββ
β β ββ PlatformTerminationStrategy ββ
β β ββ 8 Specialized Agents ββ
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
β β Compliance β βInfrastructureβ β Cost β β
β β Agent β β Agent β β Agent β β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
β β Discovery β β Environment β βConfigurationβ β
β β Agent β β Agent β β Agent β β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
β βββββββββββββββ βββββββββββββββ β
β β Knowledge β β Security β β
β β Base Agent β β Agent β β
β βββββββββββββββ βββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β β
βΌ βΌ βΌ
βββββββββββββββ βββββββββββββββ βββββββββββββββ
β Chat UI β β Admin API β βAdmin Client β
β :5001 β β :5050 β β :5000 β
βββββββββββββββ βββββββββββββββ βββββββββββββββ
| Service | Port | Description |
|---|---|---|
| MCP Server | 5100 | Dual-mode (HTTP + stdio) orchestration hub |
| Chat UI | 5001 | SignalR-based web chat interface |
| Admin API | 5050 | RESTful admin operations (Swagger) |
| Admin Client | 5000 | Blazor WebAssembly dashboard |
| Agent | Domain | Key Capabilities |
|---|---|---|
| Compliance | Governance | NIST 800-53, FedRAMP, Defender for Cloud, remediation |
| Infrastructure | Provisioning | Azure resources, Bicep/Terraform generation |
| Cost | FinOps | Cost analysis, optimization, trend forecasting |
| Discovery | Inventory | Resource discovery, health, dependency mapping |
| Environment | Lifecycle | Environment provisioning, template management, Git sync |
| Configuration | Settings | Azure configuration, Key Vault, App Config |
| KnowledgeBase | Documentation | ATO docs, SSP generation, policy lookup |
| Security | Protection | Vulnerability scanning, secure score, policy |
"Run NIST 800-53 compliance scan on my subscription"
"Create storage account data001 in rg-dr with encryption"
"Show cost analysis for last 30 days grouped by resource type"
"What's my secure score and top recommendations?"
"List all VMs in my subscription with their health status"
"Generate Bicep for an AKS cluster in usgovvirginia"
"Clone environment dev to staging"
"What are the FedRAMP High requirements for access control?"
Create ~/.vscode/mcp.json:
{
"mcpServers": {
"platform-engineering-copilot": {
"command": "dotnet",
"args": ["run", "--project", "/path/to/src/Platform.Engineering.Copilot.Mcp"]
}
}
}Edit ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"platform-engineering-copilot": {
"command": "dotnet",
"args": ["run", "--project", "/path/to/src/Platform.Engineering.Copilot.Mcp"]
}
}
}src/
βββ Platform.Engineering.Copilot.Mcp/ # MCP Server (HTTP:5100 + stdio)
β βββ Server/ # HTTP bridge endpoints
β βββ Tools/ # MCP tool definitions
β βββ Prompts/ # Agent system prompts
βββ Platform.Engineering.Copilot.Agents/ # All agents (consolidated)
β βββ Common/ # Shared abstractions
β βββ Orchestration/ # PlatformAgentGroupChat, strategies
β βββ Compliance/ # Compliance Agent
β βββ Infrastructure/ # Infrastructure Agent
β βββ CostManagement/ # Cost Agent
β βββ Discovery/ # Discovery Agent
β βββ Environments/ # Environment Agent
β βββ Configuration/ # Configuration Agent
β βββ KnowledgeBase/ # Knowledge Base Agent
β βββ Extensions/ # DI registration
βββ Platform.Engineering.Copilot.Core/ # Shared core library
β βββ Data/ # EF Core context, migrations
β βββ Services/ # Azure SDK integrations
β βββ Models/ # Domain models
β βββ Interfaces/ # Service contracts
βββ Platform.Engineering.Copilot.State/ # State management
βββ Platform.Engineering.Copilot.Channels/ # Communication channels
βββ Platform.Engineering.Copilot.Chat/ # Web Chat UI (:5001)
βββ Platform.Engineering.Copilot.Admin.API/ # Admin REST API (:5050)
βββ Platform.Engineering.Copilot.Admin.Client/ # Blazor WASM (:5000)
| File | Services | Use Case |
|---|---|---|
docker-compose.mcp.yml |
MCP only | AI client development |
docker-compose.mcp-chat.yml |
MCP + Chat | Web chat interface |
docker-compose.mcp-admin.yml |
MCP + Admin | Admin dashboard |
docker-compose.mcp-chat-admin.yml |
Full platform | Production deployment |
Refactored Bicep templates live under infra/bicep. They use modern .bicepparam files, typed parameters, and simplified orchestration.
Quick steps:
# Set cloud and authenticate
az cloud set --name AzureUSGovernment # or AzureCloud
az login
# Dev: MCP + Admin
az deployment group create \
--resource-group rg-pecop-dev \
--parameters infra/bicep/main.dev.bicepparam \
--parameters sqlAdminPassword='YourSecurePassword123!'
# MCP-only
az deployment group create \
--resource-group rg-pecop-dev \
--parameters infra/bicep/main.mcp-only.bicepparam \
--parameters sqlAdminPassword='YourSecurePassword123!'
# Prod: all services
az deployment group create \
--resource-group rg-pecop-prod \
--parameters infra/bicep/main.prod.bicepparam \
--parameters sqlAdminPassword='SetSecurelyFromKeyVaultOrPipeline'More details and parameters: infra/bicep/README.md
All configuration in appsettings.json:
{
"ConnectionStrings": {
"DefaultConnection": "Data Source=platform_engineering_copilot_management.db"
},
"Gateway": {
"AzureOpenAI": {
"Endpoint": "https://your-openai.openai.azure.us/",
"ApiKey": "<key>",
"DeploymentName": "gpt-4o"
}
},
"AgentConfiguration": {
"ComplianceAgent": { "Enabled": true, "Temperature": 0.2 },
"InfrastructureAgent": { "Enabled": true, "DefaultRegion": "usgovvirginia" }
},
"GitSync": {
"AutoSyncEnabled": true,
"DefaultSyncIntervalMinutes": 30
}
}| Document | Description |
|---|---|
| docs/ARCHITECTURE.md | System architecture, agent framework |
| docs/AGENTS.md | All agents with capabilities |
| docs/DEPLOYMENT.md | Docker, ACI, AKS deployment |
| docs/GETTING-STARTED.md | Complete setup guide |
| docs/DEVELOPMENT.md | Development guide, contributing |
| docs/AUTHENTICATION.md | Azure authentication, CAC/PIV |
| docs/AGENT-REMEDIATION-BOUNDARIES.md | Agent responsibility boundaries |
| Component | Technology |
|---|---|
| Runtime | .NET 9.0 / C# 12 |
| AI Framework | Microsoft Semantic Kernel 1.26.0 |
| MCP | ModelContextProtocol 0.4.0-preview |
| Azure SDK | Azure.ResourceManager.* |
| Database | SQLite (default), SQL Server (optional) |
| Frontend | Blazor WebAssembly, ASP.NET Core Razor |
| Real-time | SignalR |
# Build
dotnet build Platform.Engineering.Copilot.sln
# Test
dotnet test Platform.Engineering.Copilot.sln
# Run MCP server (stdio mode for AI clients)
dotnet run --project src/Platform.Engineering.Copilot.Mcp
# Run MCP server (HTTP mode for web clients)
dotnet run --project src/Platform.Engineering.Copilot.Mcp -- --http
# Run Chat UI
dotnet run --project src/Platform.Engineering.Copilot.Chat --urls http://0.0.0.0:5001
# Run Admin services
dotnet run --project src/Platform.Engineering.Copilot.Admin.API --urls http://0.0.0.0:5050
dotnet run --project src/Platform.Engineering.Copilot.Admin.Client --urls http://0.0.0.0:5000MIT License - see LICENSE